Commit 11922961 authored by Rafaël Carré's avatar Rafaël Carré

Update: supports file v4 signatures

Note: public key v3 signatures are not supported
Fix various bugs and potentials buffer overflows
parent 96250779
...@@ -23,7 +23,7 @@ ...@@ -23,7 +23,7 @@
- copy the tar.gz and tar.bz2 file on ftp.videolan.org in - copy the tar.gz and tar.bz2 file on ftp.videolan.org in
/opt/ftp/pub/videolan/testing/vlc-X.X.X/ /opt/ftp/pub/videolan/testing/vlc-X.X.X/
- generate md5 hashes and gpg signature of these files - generate md5 hashes and gpg signature of these files
(use gpg --sign --detach --armor --force-v3-sigs) (use gpg --sign --detach --armor)
* Contribs * Contribs
- Put a copy of the libraries or git snapshot in vlc-X.X.X/contrib - Put a copy of the libraries or git snapshot in vlc-X.X.X/contrib
...@@ -36,7 +36,7 @@ ...@@ -36,7 +36,7 @@
Build in the "buildbeos" chroot on altair. Build in the "buildbeos" chroot on altair.
# add the .zip files to /opt/ftp/pub/videolan/testing/vlc-X.X.X/beos/ # add the .zip files to /opt/ftp/pub/videolan/testing/vlc-X.X.X/beos/
generate md5 hashes and gpg signature of these files generate md5 hashes and gpg signature of these files
(use gpg --sign --detach --armor --force-v3-sigs) (use gpg --sign --detach --armor)
* Win32 Packages * Win32 Packages
make the packages using the nightly builds configure/options/... , don't forget --enable-update-check make the packages using the nightly builds configure/options/... , don't forget --enable-update-check
...@@ -44,12 +44,12 @@ ...@@ -44,12 +44,12 @@
kind of suxxs) kind of suxxs)
add the .zip and .exe files to /opt/ftp/pub/videolan/testing/vlc-X.X.X/win32/ add the .zip and .exe files to /opt/ftp/pub/videolan/testing/vlc-X.X.X/win32/
generate md5 hashes and gpg signature of these files generate md5 hashes and gpg signature of these files
(use gpg --sign --detach --armor --force-v3-sigs) (use gpg --sign --detach --armor)
* OS X packages * OS X packages
configure with --enable-update-check configure with --enable-update-check
generate md5 hashes and gpg signature of these files generate md5 hashes and gpg signature of these files
(use gpg --sign --detach --armor --force-v3-sigs) (use gpg --sign --detach --armor)
* Commit changes ... it never works the first time * Commit changes ... it never works the first time
......
...@@ -32,6 +32,7 @@ static uint8_t videolan_public_key_longid[8] = { ...@@ -32,6 +32,7 @@ static uint8_t videolan_public_key_longid[8] = {
0x8B, 0x08, 0x52, 0x31, 0xD0, 0x38, 0x35, 0x37 0x8B, 0x08, 0x52, 0x31, 0xD0, 0x38, 0x35, 0x37
}; };
/* gpg --export --armor "VideoLAN Release"|sed -e s/^/\"/ -e s/\$/\\\\n\"/ */
static uint8_t videolan_public_key[] = { static uint8_t videolan_public_key[] = {
"-----BEGIN PGP PUBLIC KEY BLOCK-----\n" "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
"Version: GnuPG v2.0.4 (FreeBSD)\n" "Version: GnuPG v2.0.4 (FreeBSD)\n"
...@@ -78,4 +79,3 @@ static uint8_t videolan_public_key[] = { ...@@ -78,4 +79,3 @@ static uint8_t videolan_public_key[] = {
"=Ic/K\n" "=Ic/K\n"
"-----END PGP PUBLIC KEY BLOCK-----\n" "-----END PGP PUBLIC KEY BLOCK-----\n"
}; };
...@@ -33,17 +33,25 @@ ...@@ -33,17 +33,25 @@
#include <vlc/vlc.h> #include <vlc/vlc.h>
#include <vlc_stream.h> /* key & signature downloading */
#include <vlc_strings.h> /* b64 decoding */
#include <vlc_charset.h> /* utf8_fopen() */
#include <gcrypt.h> /* cryptography and digest algorithms */
/** /**
* \defgroup update Update * \defgroup update Update
* *
* @{ * @{
*/ */
/* Go reading the rfc 4880 ! NOW !! */
/*
* XXX
* When PGP-signing a file, we only sign a SHA-1 hash of this file
*
* As soon as SHA-1 is broken, this method is not secure anymore, because an
* attacker could generate a file with the same SHA-1 hash.
*
* Whenever this happens, we need to use another algorithm / type of key.
* XXX
*/
enum /* Public key algorithms */ enum /* Public key algorithms */
{ {
/* we will only use DSA public keys */ /* we will only use DSA public keys */
...@@ -75,14 +83,11 @@ enum /* Signature types */ ...@@ -75,14 +83,11 @@ enum /* Signature types */
POSITIVE_KEY_SIGNATURE = 0x13 /* Substantial verification */ POSITIVE_KEY_SIGNATURE = 0x13 /* Substantial verification */
}; };
enum /* Signature subpacket types */ enum /* Signature subpacket types */
{ {
ISSUER_SUBPACKET = 0x10 ISSUER_SUBPACKET = 0x10
}; };
struct public_key_packet_t struct public_key_packet_t
{ /* a public key packet (DSA/SHA-1) is 418 bytes */ { /* a public key packet (DSA/SHA-1) is 418 bytes */
...@@ -96,52 +101,49 @@ struct public_key_packet_t ...@@ -96,52 +101,49 @@ struct public_key_packet_t
uint8_t y[2+128]; uint8_t y[2+128];
}; };
/* used for public key signatures */ /* used for public key and file signatures */
struct signature_packet_v4_t struct signature_packet_t
{ /* hashed_data or unhashed_data can be empty, so the signature packet is {
* theorically at least 54 bytes long, but always more than that. */ uint8_t version; /* 3 or 4 */
uint8_t version;
uint8_t type; uint8_t type;
uint8_t public_key_algo; uint8_t public_key_algo; /* DSA only */
uint8_t digest_algo; uint8_t digest_algo; /* SHA-1 only */
uint8_t hashed_data_len[2];
uint8_t *hashed_data;
uint8_t unhashed_data_len[2];
uint8_t *unhashed_data;
uint8_t hash_verification[2];
/* The part below is made of consecutive MPIs, their number and size being uint8_t hash_verification[2];
* public-key-algorithm dependant. uint8_t issuer_longid[8];
* But since we use DSA signatures only, we fix it. */
uint8_t r[2+20]; union /* version specific data */
uint8_t s[2+20]; {
}; struct
{
/* Used for binary document signatures (to be compatible with older software) uint8_t hashed_data_len[2]; /* scalar number */
* DSA/SHA-1 is always 65 bytes */ uint8_t *hashed_data; /* hashed_data_len bytes */
struct signature_packet_v3_t uint8_t unhashed_data_len[2]; /* scalar number */
{ uint8_t *unhashed_data; /* unhashed_data_len bytes */
uint8_t header[2]; } v4;
uint8_t version; /* 3 */ struct
{
uint8_t hashed_data_len; /* MUST be 5 */ uint8_t hashed_data_len; /* MUST be 5 */
uint8_t type;
uint8_t timestamp[4]; /* 4 bytes scalar number */ uint8_t timestamp[4]; /* 4 bytes scalar number */
uint8_t issuer_longid[8]; /* The key which signed the document */ } v3;
uint8_t public_key_algo; /* we only know about DSA */ } specific;
uint8_t digest_algo; /* and his little sister SHA-1 */
uint8_t hash_verification[2];/* the 2 1st bytes of the SHA-1 hash */
/* The part below is made of consecutive MPIs, their number and size being /* The part below is made of consecutive MPIs, their number and size being
* public-key-algorithm dependant. * public-key-algorithm dependant.
* But since we use DSA signatures only, we fix it. */ *
* Since we use DSA signatures only, there is 2 integers, r & s, made of:
* 2 bytes for the integer length (scalar number)
* 160 bits (20 bytes) for the integer itself
*
* Note: the integers may be less than 160 significant bits
*/
uint8_t r[2+20]; uint8_t r[2+20];
uint8_t s[2+20]; uint8_t s[2+20];
}; };
typedef struct public_key_packet_t public_key_packet_t; typedef struct public_key_packet_t public_key_packet_t;
typedef struct signature_packet_v4_t signature_packet_v4_t; typedef struct signature_packet_t signature_packet_t;
typedef struct signature_packet_v3_t signature_packet_v3_t;
struct public_key_t struct public_key_t
{ {
...@@ -150,7 +152,7 @@ struct public_key_t ...@@ -150,7 +152,7 @@ struct public_key_t
public_key_packet_t key; /* Public key packet */ public_key_packet_t key; /* Public key packet */
signature_packet_v4_t sig; /* Signature packet, by the embedded key */ signature_packet_t sig; /* Signature packet, by the embedded key */
}; };
typedef struct public_key_t public_key_t; typedef struct public_key_t public_key_t;
......
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment